Debian Package Tracker

general

source: mxml (main)
version: 2.12-2
maintainer: Alastair McKinstry [DMD]
arch: any
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.6-2
o-o-sec: 2.6-2+deb8u1
oldstable: 2.10-1
stable: 2.12-2
testing: 2.12-2
unstable: 2.12-2

versioned links

2.6-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.6-2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.10-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.12-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libmxml-bin
libmxml-dev
libmxml1

action needed

A new upstream version is available: 3.0 high

A new upstream version 3.0 is available, you should consider packaging it.

Created: 2019-03-05 Last update: 2019-07-23 06:02

Failed to analyze the VCS repository. Please troubleshoot and fix the issue. high

vcswatch reports that there is an error with this package's VCS, or the debian/changelog file inside it. Please check the error shown below and try to fix it. You might have to update the VCS URL in the debian/control file to point to the correct repository.

fatal: could not read Username for 'https://salsa.debian.org:': No such device or address

Created: 2018-07-09 Last update: 2019-07-22 19:30

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2018-20593: In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.
CVE-2018-20592: In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.

Please fix them.

Created: 2018-12-10 Last update: 2019-07-07 09:01

2 security issues in bullseye high

There are 2 open security issues in bullseye.

2 important issues:

CVE-2018-20593: In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.
CVE-2018-20592: In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.

Please fix them.

Created: 2019-07-07 Last update: 2019-07-07 09:00

Build log checks report 1 error and 3 warnings high

Build log checks report 1 error and 3 warnings

Created: 2014-07-02 Last update: 2018-03-03 01:34

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2019-07-12 Last update: 2019-07-12 06:43

The URL(s) for this package had some recent persistent issues low

DUCK reports some issues concerning upstream URLs defined for this package.

Created: 2019-01-12 Last update: 2019-07-23 08:22

2 ignored security issues in buster low

There are 2 open security issues in buster.

2 issues skipped by the security teams:

CVE-2018-20593: In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.
CVE-2018-20592: In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.

Please fix them.

Created: 2018-12-10 Last update: 2019-07-07 09:01

2 ignored security issues in jessie low

There are 2 open security issues in jessie.

2 issues skipped by the security teams:

CVE-2018-20593: In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.
CVE-2018-20592: In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.

Please fix them.

Created: 2016-05-06 Last update: 2019-07-07 09:01

3 ignored security issues in stretch low

There are 3 open security issues in stretch.

3 issues skipped by the security teams:

CVE-2018-20004: An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by testmxml.
CVE-2018-20593: In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.
CVE-2018-20592: In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.

Please fix them.

Created: 2018-12-10 Last update: 2019-07-07 09:01

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.0 instead of 4.3.0).

Created: 2019-07-08 Last update: 2019-07-08 20:08

news

[rss feed]

[2019-01-25] Accepted mxml 2.6-2+deb8u1 (source amd64) into oldstable (Abhijith PA)
[2019-01-07] mxml 2.12-2 MIGRATED to testing (Debian testing watch)
[2019-01-02] Accepted mxml 2.12-2 (source amd64) into unstable (Alastair McKinstry)
[2018-10-11] mxml 2.12-1 MIGRATED to testing (Debian testing watch)
[2018-10-11] mxml 2.12-1 MIGRATED to testing (Debian testing watch)
[2018-10-06] Accepted mxml 2.12-1 (source amd64) into unstable (Alastair McKinstry)
[2018-07-14] mxml 2.11-2 MIGRATED to testing (Debian testing watch)
[2018-07-09] Accepted mxml 2.11-2 (source amd64) into unstable (Alastair McKinstry)
[2018-03-08] mxml 2.11-1 MIGRATED to testing (Debian testing watch)
[2018-03-02] Accepted mxml 2.11-1 (source amd64) into unstable (Alastair McKinstry)
[2016-09-21] mxml 2.10-1 MIGRATED to testing (Debian testing watch)
[2016-09-15] Accepted mxml 2.10-1 (source amd64) into unstable (Alastair McKinstry)
[2016-09-06] mxml 2.9-3 MIGRATED to testing (Debian testing watch)
[2016-08-31] Accepted mxml 2.9-3 (source amd64) into unstable, unstable (Alastair McKinstry)
[2016-06-16] mxml 2.9-2 MIGRATED to testing (Debian testing watch)
[2016-06-11] Accepted mxml 2.9-2 (source amd64) into unstable (Alastair McKinstry)
[2016-06-10] Accepted mxml 2.9-1 (source amd64) into unstable (Alastair McKinstry)
[2013-01-03] Accepted mxml 2.7-1 (source amd64) (Luis Uribe) (signed by: Yaroslav Halchenko)
[2011-02-06] mxml 2.6-2 MIGRATED to testing (Debian testing watch)
[2010-10-22] Accepted mxml 2.6-2 (source mipsel) (Luis Uribe) (signed by: Anibal Monsalve Salazar)
[2009-11-27] mxml 2.6-1 MIGRATED to testing (Debian testing watch)
[2009-11-17] Accepted mxml 2.6-1 (source amd64) (Luis Uribe)
[2008-07-09] mxml 2.5-2 MIGRATED to testing (Debian testing watch)
[2008-06-29] Accepted mxml 2.5-2 (source amd64) (Luis Uribe)
[2008-05-21] mxml 2.5-1 MIGRATED to testing (Debian testing watch)
[2008-05-10] Accepted mxml 2.5-1 (source amd64) (Luis Uribe)
[2008-02-06] mxml 2.4-1 MIGRATED to testing (Debian testing watch)
[2008-01-20] Accepted mxml 2.4-1 (source amd64) (Luis Uribe)
[2007-08-31] mxml 2.3-1 MIGRATED to testing (Debian testing watch)
[2007-08-19] Accepted mxml 2.3-1 (source amd64) (Fathi Boudra) (signed by: Pierre Habouzit)

bugs [bug history graph]

all: 4
RC: 0
I&N: 4
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.12-2
2 bugs